Integrate RevealX Enterprise with Palo Alto Networks Prisma

This integration enables you to configure ExtraHop sensors to ingest packets from your Palo Alto Networks Prisma solution to detect threats, discover and monitor devices, and gain insight into network traffic flows.

Important:The RevealX integration with Palo Alto Networks Prisma is currently only available to Early Access Program participants. If you would like to learn more about this integration and be notified as soon as it is publicly available, reach out to your ExtraHop account team.

Before you begin

  • Your Palo Alto Networks Prisma system must be configured for traffic replication in Prisma.
  • You must have full write privileges or higher on RevealX Enterprise.
  • Your RevealX system must be connected to an ExtraHop sensor with firmware version 9.8 or later.
  • Your ExtraHop sensor must be dedicated to ingesting only Palo Alto Networks Prisma packets, and you must dedicate a separate ExtraHop sensor for each Prisma storage bucket that you want to ingest.
  • You must configure one ExtraHop interface in Management mode only, and you cannot configure any other interfaces for packet ingest.
  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the Network Settings section, click Connectivity.
  3. In the Packet Ingest Settings section, select Ingest packets forwarded from Palo Alto Networks Prisma.
  4. Complete the following fields that pertain to the traffic replication configuration in your Palo Alto Networks Prisma system:
    1. In the Bucket name field, enter the Cloud Storage Link that corresponds to the storage bucket configured in Prisma.
    2. In the GCP service account credentials field, enter the credentials that correspond to the service account that configured traffic replication in Prisma.
    3. In the Private key field, enter the private key that corresponds to the traffic replication encryption certificate configured in Prisma.
  5. Click Save.

Next steps

Last modified 2024-10-12